Tag Archives: Business Risk

Data Breaches Costing Healthcare Industry Billions

AÂ  list of data breaches maintained by the Privacy Rights Clearinghouse includes a variety of breaches at healthcare facilities, where personal information such as medical records or prescription drug information was compromised.

Now a study from the Ponemon Institute finds that data breaches of patient information cost healthcare organizations nearly $6 billion annually, and that many breaches go undetected.

Hat tip to the Wall Street Journal Health blog for highlighting the study.

According to its findings, the impact of a data breach over a two-year period is around $2 million per organization and the lifetime value of a lost patient is $107,580.

The average organization had 2.4 data breach incidents over the past two years. Major factors causing data breaches are unintentional employee action, lost or stolen computing devices and third-party error.

Given the rising exposure, you’d think hospitals and other healthcare facilities would be taking steps to protect patient data. Not so.

The research shows that protecting patient data is a low priority for hospitals and that organizations have little confidence in their ability to secure patient records.

Some 58 percent of organizations have little or no confidence in their ability to appropriately secure patient records, while 70 percent of hospitals said that protecting patient data is not a priority.

This is despite the fact that the HITECH Act, enacted in 2009, widened the scope of privacy and security protections under HIPAA to provide stronger safeguards for patient data. This includes notification to patients when their information is breached.

Unfortunately, the majority (71 percent) of respondents do not believe the HITECH Act regulations have significantly changed the management practices of patient records.

Rick Kam, president and co-founder of ID Experts (sponsors of the study) says:

We talk with healthcare compliance people dealing with data breach risks every day and they just can’t get their arms around the problem of data exposure. Unfortunately, in healthcare organizations, patient revenue trumps risk management.†

Check out I.I.I. info on ID theft.

Small Companies Ignore Data Breach Potential

Most small private companies ignore the risk of data breach, despite serious concerns over the financial consequences of a breach, according to a just-released survey from Chubb.

Some 92 percent of executives surveyed did not believe it likely that they would endure an electronic breach of confidential customer information that would require them to comply with costly notification laws in more than 40 states.

What’s more, most (67 percent) of the companies in Chubb’s survey do not have an incident response plan for an electronic security breach.

Yet a breach of electronically-stored private customer data was seen as the third most financially damaging event a company could experience, according to the survey.

The findings come as a list compiled by the Privacy Rights Clearinghouse shows that more than 500 million sensitive records, such as personal medical records, credit card  and social security numbers,  Ã‚  have been compromised due to data breaches  in the U.S. since 2005. And the Clearinghouse says this is only a fraction of the total number of breaches.

Ahead of data breaches, an employment practices lawsuit followed by employee theft were the most financially damaging events a company could experience, according to Chubb’s survey.

Nearly one in five (16 percent) of those surveyed expect an EPL charge would be lodged against their firm in the next 12 months.

Meanwhile, 54 percent expect their employees would steal company funds, equipment, inventory or merchandise in the next year. Just 30 percent of companies have experienced such thefts in the past five years.

The Chubb Private Company Risk Survey interviewed decision makers at 451 U.S. for-profit companies, more than 90 percent of which had annual revenues of less than $25 million.

Check out I.I.I. information on identity theft  and the I.I.I. small businessowners’ guide to insurance.

Litigation Risk Rises Amid Sagging Economy

The upward trend in litigation against U.S. companies that began with the economic downturn continued in 2010 and will likely increase again in the coming year, according to the Seventh Annual Litigation Trends Survey from international law firm Fulbright & Jaworski.

Some 93 percent of corporate counsel at U.S. firms polled by Fulbright & Jaworski expect legal disputes to increase or remain the same in the next 12 months, while 87 percent said their companies faced new litigation in the past year, up from 83 percent the previous year.

Fulbright reports that more large-cap companies than mid- and small-caps expect litigation increases over the next 12 months, while by industry sector a sizeable 42 percent of energy companies are bracing for a jump in disputes.

As well as the lagging economy, nearly one-third of U.S. in-house counsel cited stricter regulation as a major concern.

Fulbright noted that more regulators have been investigating a greater variety of companies, from small to large and across sectors – particularly banking, healthcare and energy.

Looking ahead, one-quarter of all respondents – and one-third of respondents from energy, healthcare and insurance – expect the number of regulatory proceedings their companies face to increase in the coming year.

From the insurance perspective, large increases in tort costs lead to higher insurance costs and can harm businesses trying to grow. Check out the latest Insurance Information Institute (I.I.I.) report that examines the state of tort inflation in the U.S.

JetBlue Incident and Workplace Stress

It’s Friday and if you haven’t already activated the emergency slide, grabbed a couple of beers and departed the office, there are a couple of matters arising from the actions of JetBlue flight attendant Steven Slater that demand our attention.

First up, Crain’s New York Business reminds us that while Mr. Slater’s actions were extreme, the incident is by no means isolated. In fact industry experts say that more incidents like this can be expected to occur.

The article quotes Alan Sirowitz, director of clinical services at JFK Advanced Medical, a health center at the airport, who told Crain’s:

“There are more people reacting to anger triggers now than ever before, in every part of the airline industry. There are people who intentionally annoy flight attendants, and have an attitude of taking advantage of them because of their own stress factors.†

Good point and it’s not just the airline industry that has stressed employees. Stress is a growing and costly problem in many industry sectors today, exacerbated by tough economic times.

According to the National Institute for Occupational Safety and Health (NIOSH), about one-third of workers report high levels of stress and high levels of stress are associated with substantial increases in health service utilization.

In addition, periods of disability due to job stress tend to be much longer than disability periods for other occupational injuries and illnesses.

The American Psychological Association estimates that workplace stress (including absenteeism, diminished productivity, employee turnover, medical, legal and insurance expenses) costs U.S. businesses about $300 billion a year.

And a 2009 survey by Towers Watson and the National Business Group on Health found that companies that maintain health and productivity programs even amid the recession experience lower health care and disability costs.

However, companies are not doing enough to reduce stress experienced by employees due to excessive work hours, lack of work/life balance and fears about job loss, the survey said.

It found that only 24 percent of companies are taking actions to address excessive workloads, 40 percent are acting on work/life balance and 42 percent are addressing fears about job loss.

It’s worth noting that JFK Advanced Medical, the airport health center cited in the Crain’s story recently launched an employee-assistance support services program, according to the report.

The program is designed to provide the aviation workers community with counselors and programs for things like anger management, anxiety, depression and substance-abuse counseling.

More of these types of programs may be needed if we’re not to see more workers activate emergency slides in future.

The Need for Employment Practices Liability (EPL)

If ever there was a time for a business to buy employment practices liability (EPL) insurance it’s now, according to latest data on workplace discrimination claims released by the U.S. Equal Employment Opportunity Commission (EEOC). The findings show that 93,277 workplace discrimination charges were filed with the EEOC during fiscal year 2009 – the second highest level ever – and monetary relief obtained for victims totaled over $376 million. As in previous years, race and retaliation were the most frequently cited types of employment discrimination in 2009, each accounting for more than one-third (36 percent) of charges filed with the EEOC, while sex-based discrimination charges were the third most frequently filed (30 percent). Bear in mind that multiple types of discrimination may be alleged in a single charge filing. A closer look at the numbers reveals some key takeaways. For example, the number of charges alleging discrimination based on disability rose by 10 percent to 21,451 – the highest level ever. At 22,778, the number of charges alleging age-based discrimination also reached the second-highest level ever. Charges of discrimination based on national origin also rose by 5 percent to 11,134. A range of factors, including economic conditions, increased diversity and demographic shifts in the labor force and employees’ greater awareness of their rights under the law, contributed to the near-historic level of total discrimination charge filings, the EEOC said. Check out I.I.I. information on  EPL insurance.

Economic Downturn Dominates Risk Agenda

The economy is currently dominating the risk management agenda, according to a survey of 570 global business leaders by the Economist Intelligence Unit, commissioned by Lloyd’s. As a result, environmental and natural hazard risks are increasingly being seen as low priority. Among the top 10 global risk priorities identified in the survey, all of the risks are either directly or indirectly related to the economy. This raises the question of whether companies are sidelining other, vital risks in their efforts to navigate their businesses through the current economic downturn. Although respondents claim they are well prepared to manage environmental and natural hazard risks, their low priority suggests there may be gaps emerging in the ability of companies to withstand some longer term and tail risks. According to the survey, executives need to look beyond the headlines when assessing risk priorities and not focus entirely on short-term issues. “Risk management can too often focus on chasing the latest problem, rather than taking a more dispassionate view of risk over a longer time-frame that takes account of a broader set of potential threats, including tail risks,† the survey notes. Check out I.I.I. facts and stats on international insurance markets.

Financial Crisis Top Risk

The financial crisis is the greatest business risk facing the insurance sector in 2009, according to the second annual business risk report from Ernst & Young and Oxford Analytica. It suggests that the consequences of economic events, financial shocks and their aftermath have been so profound that they are likely to shape the industry for the next 10 years. Major forms of change involve products, regulation, investment strategies and capital requirements. Model risk ranked as the second greatest business risk facing insurers. According to the study, the failure to recognize the shortcomings of models and to adequately capture the nature of underlying risks has left some insurance companies unprepared for the depth of recent financial events. Regulatory intervention ranked as the third top risk for insurance. While the full extent of regulatory change is unknown, early signs are that revisions to insurance sector regulation have the potential to be dramatic. Insurance companies need to recognize the broader implications and prepare for the sweeping changes that lie ahead. Check out Insurance Journal’s June 23 online article for more on the study findings.